CVE-2023-52852

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52852
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52852.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52852
Downstream
Published
2024-05-21T15:31:47Z
Modified
2025-10-15T05:33:56.257550Z
Summary
f2fs: compress: fix to avoid use-after-free on dic
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: fix to avoid use-after-free on dic

Call trace: _memcpy+0x128/0x250 f2fsreadmultipages+0x940/0xf7c f2fsmpagereadpages+0x5a8/0x624 f2fsreadahead+0x5c/0x110 pagecacheraunbounded+0x1b8/0x590 dosyncmmapreadahead+0x1dc/0x2e4 filemapfault+0x254/0xa8c f2fsfilemapfault+0x2c/0x104 _dofault+0x7c/0x238 dohandlemmfault+0x11bc/0x2d14 domemabort+0x3a8/0x1004 el0da+0x3c/0xa0 el0t64synchandler+0xc4/0xec el0t64_sync+0x1b4/0x1b8

In f2fsreadmultipages(), once f2fsdecompresscluster() was called if we hit cached page in compressinode's cache, dic may be released, it needs break the loop rather than continuing it, in order to avoid accessing invalid dic pointer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ce19aff0b8cd386860855185c6cd79337fc4d2b
Fixed
8c4504cc0c64862740a6acb301e0cfa59580dbc5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ce19aff0b8cd386860855185c6cd79337fc4d2b
Fixed
9375ea7f269093d7c884857ae1f47633a91f429c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ce19aff0b8cd386860855185c6cd79337fc4d2b
Fixed
932ddb5c29e884cc6fac20417ece72ba4a35c401
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ce19aff0b8cd386860855185c6cd79337fc4d2b
Fixed
9d065aa52b6ee1b06f9c4eca881c9b4425a12ba2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ce19aff0b8cd386860855185c6cd79337fc4d2b
Fixed
b0327c84e91a0f4f0abced8cb83ec86a7083f086
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a23706426da9b611be5beae0f3faa260fb453b4e

Affected versions

v5.*

v5.13
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.13.19
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.104
v5.15.105
v5.15.106
v5.15.107
v5.15.108
v5.15.109
v5.15.11
v5.15.110
v5.15.111
v5.15.112
v5.15.113
v5.15.114
v5.15.115
v5.15.116
v5.15.117
v5.15.118
v5.15.119
v5.15.12
v5.15.120
v5.15.121
v5.15.122
v5.15.123
v5.15.124
v5.15.125
v5.15.126
v5.15.127
v5.15.128
v5.15.129
v5.15.13
v5.15.130
v5.15.131
v5.15.132
v5.15.133
v5.15.134
v5.15.135
v5.15.136
v5.15.137
v5.15.138
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.10
v6.5.11
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d065aa52b6ee1b06f9c4eca881c9b4425a12ba2",
            "signature_type": "Line",
            "target": {
                "file": "fs/f2fs/data.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "239486483759554225675501747968735346937",
                    "83479551047117055013803200721928782321",
                    "37611575724662734243146436006498657463",
                    "85662404632317374478842802729262006986",
                    "268460502024481512531602856360538539349"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-52852-5c81daa9"
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0327c84e91a0f4f0abced8cb83ec86a7083f086",
            "signature_type": "Function",
            "target": {
                "function": "f2fs_read_multi_pages",
                "file": "fs/f2fs/data.c"
            },
            "deprecated": false,
            "digest": {
                "length": 3244.0,
                "function_hash": "293716274060396096178526600056889886545"
            },
            "id": "CVE-2023-52852-6109c7d6"
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@932ddb5c29e884cc6fac20417ece72ba4a35c401",
            "signature_type": "Line",
            "target": {
                "file": "fs/f2fs/data.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "239486483759554225675501747968735346937",
                    "83479551047117055013803200721928782321",
                    "37611575724662734243146436006498657463",
                    "85662404632317374478842802729262006986",
                    "268460502024481512531602856360538539349"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-52852-64b9caf4"
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d065aa52b6ee1b06f9c4eca881c9b4425a12ba2",
            "signature_type": "Function",
            "target": {
                "function": "f2fs_read_multi_pages",
                "file": "fs/f2fs/data.c"
            },
            "deprecated": false,
            "digest": {
                "length": 3244.0,
                "function_hash": "293716274060396096178526600056889886545"
            },
            "id": "CVE-2023-52852-b8561835"
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0327c84e91a0f4f0abced8cb83ec86a7083f086",
            "signature_type": "Line",
            "target": {
                "file": "fs/f2fs/data.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "239486483759554225675501747968735346937",
                    "83479551047117055013803200721928782321",
                    "37611575724662734243146436006498657463",
                    "85662404632317374478842802729262006986",
                    "268460502024481512531602856360538539349"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-52852-db8f1264"
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@932ddb5c29e884cc6fac20417ece72ba4a35c401",
            "signature_type": "Function",
            "target": {
                "function": "f2fs_read_multi_pages",
                "file": "fs/f2fs/data.c"
            },
            "deprecated": false,
            "digest": {
                "length": 3244.0,
                "function_hash": "293716274060396096178526600056889886545"
            },
            "id": "CVE-2023-52852-dd3e6a7e"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.14.0
Fixed
5.15.139
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.63
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.12
Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.2